Team Secrets

Inspiration

Teams share sensitive information in JIRA all the time: passwords, customer data, SSL certs, SSH keys, PHI. But JIRA doesn’t provide end-to-end encryption for these secrets, so they live in JIRA unprotected or end up somewhere else, disconnected from the actual work.

We wanted a safer way to store and share sensitive information in JIRA so we created Team Secrets.

What it does

Team Secrets protects sensitive information in JIRA with end-to-end encryption and viewer verification. It works in both JIRA Cloud and JIRA Server and offers:

TRUE END-TO-END ENCRYPTION MADE EASY
Team Secrets uses bank-grade encryption to protect your file attachments and secret text from the moment you start uploading until they are viewed by the recipient. Snooping on the transfer or stealing the file will result in something completely undecipherable (i.e. we don’t trust SSL).

REAL RECIPIENT VERIFICATION
Team Secrets ensures that anyone opening your secret is authenticated using at least 2 forms of ID. Email address, team membership, passphrase and mobile phone verification means only the people you choose can assemble the keys necessary to decrypt the files.

TEAM SECRETS DENIABILITY
Team Secrets does not at any point have the ability to decrypt a secret under any circumstances - only the creator and the chosen viewers can do that.

EASY TO USE
Team Secrets works just like file attachments and text fields for an experience that is frictionless and completely integrated into existing JIRA workflows.

How we built it

Team Secrets implements end-to-end encryption, which means the secret is always encrypted and decrypted in the browser of the creator or viewers instead of the server.

Since the local machine is doing the work, we needed fast and lightweight crypto libraries. We chose the “xsalsa20-poly1305" encryption scheme because it provides great security with fast processing and “TweetNaCl” because it’s a small, auditable high-security cryptographic library.

Decryption requires BOTH a master key (stored as a property of a JIRA issue) and individual keys that live on Team Secrets servers. Since we don’t have access to your JIRA server, we can never combine the keys to decrypt your files. Only you and authorized secret viewers can access both keys.

Challenges we ran into

Balancing convenience vs. security is very difficult. We wanted our user experience to be as fast and easy as uploading an attachment, but we have to gather so much more information about viewers and security measures. We did dozens of iterations and settled on our simple dialog approach with as few steps as possible.

Encryption is CPU intensive and due to Javascript’s single threaded nature, our UI was vulnerable to getting blocked during the encryption process. To resolve, we used workers to perform the complete file reading/encryption process.

Accomplishments that we're proud of

We are very proud of solving the problem of sharing secrets in JIRA in a way that’s both highly secure but also convenient and easy to use. Most solutions out there accomplish one of those two pillars but not both - and now we are the first to make it available in JIRA!

We’re also proud of how we solved the key management problem. In Team Secrets, one of our business rules is that our servers can never have all the information necessary to decrypt a user’s file. This is to protect our users’ secrets even if our servers get compromised.

What we learned

Getting security right is a tough problem, but doing it in a way that minimizes friction and adds minimal overhead for the team is even harder. But, if you give people a way to share secrets safely in JIRA, they will use it!

What's next for Team Secrets

We believe that JIRA is just one of many places where teams are sharing sensitive information and want more secure options. We’d like to extend Team Secrets to Confluence, HipChat and other Atlassian products so that teams can practice safe sharing wherever they work.